
105 matches found

Huntr
• added 2021/10/30 10:52 p.m. • 27 views

SQL Injection in forkcms/forkcms

Description When deleting submissions which belong to a formular made with module FormBuilder, the parameter id is vulnerable for SQL injection. Proof of Concept - Call the URL...

CVSS 4.3 · AI score 0.4 · EPSS 0.01111
Exploits: 1
Huntr
• added 2021/10/25 8:56 p.m. • 16 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description When uploading a new module, the description of the module can contain JavaScript code. After uploading the new module and looking at the Details page, the JavaScript code would be executed. Proof of Concept - I downloaded this module...

CVSS 3.5 · AI score 5.6 · EPSS 0.00671
Exploits: 1
Huntr
• added 2021/10/20 6:32 p.m. • 8 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description When uploading a new theme, the description of a theme can contain JavaScript code. This can be used for Cross-Site-Scripting. Proof of Concept I downloaded the Kompact theme https://github.com/jessedobbelaere/fork-cms-theme-kompact/archive/master.zip, extracted it and changed in...

AI score 0.3
Exploits: 0
Huntr
• added 2021/10/19 3:26 p.m. • 10 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description Hello. ForkCMS does not properly sanitize the website's TITLE when it is imported into the meta tags. Proof of Concept If we set the page title to something like this: Home - Hi'"script src=//xss/scriptx="99\r\n%0A%09%0Dsvg\onload=confirm1 It gets reflected back here: "" Impact This...

AI score 1.4
Exploits: 0 · References: 1
Huntr
• added 2021/10/17 11:48 p.m. • 8 views

Open Redirect in forkcms/forkcms

Description When a user, who has access to admin page and who is not logged in, opens a page like http://forkcms.site/private/de/authentication?querystring=//google.de/ and the user enters their credentials, the user is redirected to https://google.de. When a user, who has access to admin page an...

AI score 0.4
Exploits: 0 · References: 1
Huntr
• added 2021/09/05 7:24 p.m. • 10 views

Cross-Site Request Forgery (CSRF) in forkcms/forkcms

✍️ Description An attacker is able to log out a user if a logged-in user visits the attacker's website. 🕵️‍♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that you were unintentionally logged out. //POC.html history.pushState'', '', '/' document.forms0.submit; 💥 Impact This...

AI score 2.1
Exploits: 0 · References: 1
Huntr
• added 2021/08/29 3:54 p.m. • 11 views

Cross-site Scripting (XSS) - Generic in forkcms/library

✍️ Description Please enter a description of the vulnerability. XSS is possible when the option allowHTML was set to true for text inputs and textfields. 🕵️‍♂️ Proof of Concept http://demo.fork-cms.com/en/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E 💥 Impact XSS attacks can...

AI score 7
Exploits: 0
Huntr
• added 2021/08/05 2:10 a.m. • 14 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through the search form. 🕵️‍♂️ Proof of Concept 1. Go to http://site.com/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E 2. XSS payload will be executed. 💥 Impact An attacker can execute JavaScript code in the website...

AI score 0.6
Exploits: 0
Huntr
• added 2021/08/05 1:13 a.m. • 8 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through settings translation. 🕵️‍♂️ Proof of Concept 1. Go to https://demo.fork-cms.com/private/en/locale 2. In the search box named "Reference code" input " 3. XSS payload will be executed. 💥 Impact An attacker can execute JavaScript code in the website...

AI score 0.2
Exploits: 0
Veracode
• added 2021/05/17 11:23 a.m. • 7 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting XSS. The getMovieId function in MediaItemAddMovie.php does not properly validate the invalid video ids, allowing a malicious user to inject and execute malicious javascript...

AI score 2.7
Exploits: 0
Veracode
• added 2021/05/17 6:05 a.m. • 12 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization in the mediaItem.title, allowing a malicious user to inject and execute malicious javascript...

AI score 2.6
Exploits: 0
Huntr
• added 2021/05/07 11:08 p.m. • 12 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through image name edition. 🕵️‍♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Upload any image and then click on Back to overview. 4. With the image...

AI score 1.1
Exploits: 0
OSV
• added 2021/05/06 6:53 p.m. • 13 views

GHSA-PVGF-MRR4-CW7R Cross-Site Request Forgery in ForkCMS

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

CVSS 8.8 · AI score 8.9 · EPSS 0.00676
Exploits: 0 · References: 3
Github Security Blog
• added 2021/05/06 6:53 p.m. • 58 views

Cross-Site Request Forgery in ForkCMS

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

CVSS 8.8 · AI score 8.5 · EPSS 0.00676
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
• added 2021/05/06 12:00 a.m. • 3 views

forkcms Cross-Site Request Forgery Vulnerability

forkcms is a software application. A CMS. A cross-site request forgery vulnerability exists in forkcms versions prior to 5.8.2, which allows remote attackers to hijack the authentication of a logged-in administrator...

CVSS 8.8 · AI score 7.8 · EPSS 0.00629
Exploits: 0 · References: 1
Veracode
• added 2021/05/05 3:32 a.m. • 9 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting XSS. The vulnerability exists due to the lack of sanitation in referrer field, allowing malicious users to inject and execute arbitrary javascript...

AI score 4.2
Exploits: 0
Huntr
• added 2021/04/19 12:57 a.m. • 13 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through search request. It is possible to set the HTTP referer header to javascript:. 🕵️‍♂️ Proof of Concept Execute the following command localhost: shell curl -H 'Referer: javascript:alert'...

AI score 1.2
Exploits: 0
Huntr
• added 2021/03/31 12:36 a.m. • 7 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through adding new media. 🕵️‍♂️ Proof of Concept Payload: . 1. With an authenticated user, access: http://localhost/private/en/medialibrary/mediaitemindex. 2. Select the option Online movies Youtube, Vimeo, ... and click on Next. 3. Select any source...

AI score 0.4
Exploits: 0
Huntr
• added 2021/03/23 9:14 p.m. • 8 views

Cross-site Scripting (XSS) - Generic in forkcms/library

✍️ Description Please enter a description of the vulnerability. Submitted values weren't escaped in case of date, time or hidden fields. This made it possible to perform an XSS attack by URL tampering. 🕵️‍♂️ Proof of Concept Find a Spoon Form where there is a date, time or hidden field and pass...

AI score 0.1
Exploits: 0 · References: 1
Huntr
• added 2021/03/23 6:09 p.m. • 9 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" parameter. 🕵️‍♂️ Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1. Login to Fork admin panel 2. Goto Modules=Formbuilder 3. Turn on Burp...

AI score 1.3
Exploits: 0